Vulnerability in unrar that allows files to be overwritten when unpacking an archive

A vulnerability (CVE-2022-30333) has been identified in the unrar utility. When a specially crafted archive is unpacked, it allows files outside the current directory to be overwritten, as far as the user's permissions allow. The issue is fixed in the RAR 6.12 and unrar 6.1.7 releases. The vulnerability appears in the Linux, FreeBSD and macOS versions, but does not affect the Android and Windows versions.

The problem is caused by insufficient checking of "/.." sequences in the file paths specified in the archive, which allows unpacking to go beyond the boundaries of the base directory. For example, by placing "../.ssh/authorized_keys" in an archive, an attacker can try to overwrite the user's "~/.ssh/authorized_keys" file during unpacking.
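
A pre-extraction check for the traversal described above, as an added Python example (not code from unrar or from the original article). It goes slightly beyond the "/.." case by also rejecting absolute names and paths that cross an existing symlink; the function names and the sample entry names are constructed for illustration.

```python
import os

# Constructed entry names, as they might appear in an archive listing.
SAMPLE_NAMES = [
    "docs/readme.txt",
    "../.ssh/authorized_keys",      # the example path from the article
    "docs/../../etc/cron.d/job",
    "/etc/passwd",
    "..\\.ssh\\authorized_keys",
    "notes..txt",                   # dots inside a file name are harmless
]

def is_safe_entry(dest_dir, entry_name):
    """Return True only if entry_name, extracted under dest_dir, stays inside it."""
    # Treat backslashes as separators too, so ".." cannot hide behind them.
    name = entry_name.replace("\\", "/")
    if not name or name.startswith("/") or "\x00" in name:
        return False
    # Deliberately strict: any ".." component is refused, even one that
    # would resolve back inside dest_dir.
    if ".." in name.split("/"):
        return False
    # Resolve symlinks already present on disk, then confirm containment.
    base = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(base, name))
    return os.path.commonpath([base, target]) == base

def audit_listing(dest_dir, names):
    """Return the entry names that must not be extracted into dest_dir."""
    return [n for n in names if not is_safe_entry(dest_dir, n)]

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as dest:
        for bad in audit_listing(dest, SAMPLE_NAMES):
            print("refusing to extract:", repr(bad))
```

Running such a check over an archive listing before extraction, and unpacking untrusted archives into an empty dedicated directory, limits the impact on hosts where unrar has not yet been updated to a fixed release.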

Source: opennet.ru
